Sunday, 26 April 2015

First,
I should mention that the notoriously indiscreet world of data protection has
another document to drool over.

Thanks
to our friends at Statewatch, we now have the first draft (of which will be
many drafts) of the notorious 4 column document, from which the final GDPR is
crafted.

Here,
sitting alongside each other, is the original text of the Regulation, as
proposed by the European Commission, and the versions that the European
Parliament has and the European Council is highly likely to recommend.

The
bunfight will focus on the 4th column. What text will the drafters
develop that is satisfactory to all the negotiators in the room? For that is
what will be slipped into the 4th column.

Eventually,
when all 630 pages of the document have text in the 4th column,
someone will announce “Ladies and gentlemen, we have done it”. Then, data
protection professionals outside the magic circle of trusted advisors /
lobbyists / privacy advocates and geeks who have already seen it will get their change to
work out whether they can both understand and implement what it is that has
been agreed.

The
current fly in the ointment is the obtaining of the final agreement of the
European Council to their draft (ie final agreement on the contents of the 3rd
column).

The
pragmatic Brits have a teeny weeny problem over the 3rd column right
now. Although we still have a Minister for Data Protection, and although the
general election next month may herald a new Minister, replacing Simon Hughes,
its going to be really hard to find anyone really important who is prepared to
travel to attend a Council Of Ministers meeting to finalize the bloody thing.

Why?
Because the European Council appears to be pulling out all the stops to reach
final agreement on the 3rd column on 15th June.
Representatives are due to be locked into a room and told that they can’t
emerge until agreement has been reached. Their iPads will be confiscated,
refreshments will be gradually withheld, and the translation channel featuring
winning songs from the past ten years of the Eurovision Song Contest (the other
channels translate the current speaker into all the tongues of the European
Union for the delight of all delegates) will be disenabled.

15th
June is a big day for the European Council. It has been decreed that, come what
may, agreement will be reached on this day.

But,
and this is a big but, the most senior British privacy Ministers have no
intention of being anywhere near that meeting on 15th June. Instead,
they want to be at the Royal tea party that will be held in the middle of a
field in Runnymede, near Windsor. With HMQ - and our very own Information Commissioner.

Why?

Because
15th June 2015 marks the 800th anniversary of the agreement
of the Magna Carta. A huge celebration is planned. There will be speeches – and possibly even
a reenactment of the great event. Our own Queen Elizabeth could play the part
of King John, while our new data protection Minister would represent the rebel
barons.

So, Minister, what would you prefer? Cucumber sandwiches with HMQ, or being stuck
in a basement room in Brussels hammering out a document that will then be torn apart by a year worth of triologues?

I
know what I would prefer.

[Most of my chums at the Crouch End Chapter of the Institute of Data Protection) expect the Council of Ministers to start an extended debate on 15th June, but to delay the final vote until our most important privacy Minister has taken their tea with HMQ at Runnymede and has then travelled (economy class) to Brussels. This ought to enable agreement to be formally reached the following day.]

About Me

I'm Martin Hoskins, and I write this blog to offer somewhat of an irreverent approach to data protection issues. I'm not one of the "high priests" of data protection. I prefer the principles of transparency, fairness, practicality and risk-assessment over tedious technical dogma. In my view, when the law is unfair or impractical, it should be queried.
While I may, occasionally, gently criticise various organisations with which I am or have been associated, I write here in an entirely personal capacity. My comments should never be taken to represent anyone else's views about any of the pressing issues of the day.
There is a much more serious side to my privacy consulting work, but for that you'll need to contact me at Grant Thornton UK LLP, where I'm an Associate Director, leading the UK privacy practice.
I tweet as @DataProtector.
You can contact me at:
martin.c.hoskins@uk.gt.com, or (with respect to my less serious posts) info@martinhoskins.com.